WGU C836 OA Study Guide (Overly Informative)

275 Terms

1
CIA Triad
Confidentiality, Integrity, Availability
2
Parkerian hexad
Where the CIA triad consists of confidentiality, integrity, and availability, the Parkerian hexad consists of these three principles, as well as possession or control, authenticity, and utility
3
Confidentiality
Refers to our ability to protect our data from those who are not authorized to view it. Confidentiality can be compromised by the loss of a laptop containing data, a person looking over our shoulder while we type a password, an e-mail attachment being sent to the wrong person, an attacker penetrating our systems, or similar issues.
6
Integrity
Refers to the ability to prevent our data from being changed in an unauthorized or undesirable manner. This could mean the unauthorized change or deletion of our data or portions of our data, or it could mean an authorized, but undesirable, change or deletion of our data. To maintain integrity, we not only need to have the means to prevent unauthorized changes to our data but also need the ability to reverse authorized changes that need to be undone.
7
Availability
Refers to the ability to access our data when we need it. Loss of availability can refer to a wide variety of breaks anywhere in the chain that allows us access to our data. Such issues can result from power loss, operating system or application problems, network attacks, compromise of a system, or other problems. When such issues are caused by an outside party, such as an attacker, they are commonly referred to as a denial of service (DoS) attack.
8
Possession or Control
Refers to the physical disposition of the media on which the data is stored. This enables us, without involving other factors such as availability, to discuss our loss of the data in its physical medium. For example, data stored on multiple devices may exist in numerous versions, and losing control of any one copy is a loss of possession even though the data remains available elsewhere.
11
Authenticity
Attribution as to the owner or creator of the data in question. Authenticity can be enforced through the use of digital signatures.
14
Utility
Refers to how useful the data is to us.
15
Interception
Interception attacks allow unauthorized users to access our data, applications, or environments and are primarily an attack against confidentiality. Interception might take the form of unauthorized file viewing or copying, eavesdropping on phone conversations, or reading e-mail, and can be conducted against data at rest or in motion. Properly executed, interception attacks can be very difficult to detect.
Affects: Confidentiality.
18
Interruption
Interruption attacks cause our assets to become unusable or unavailable for our use, on a temporary or permanent basis. Interruption attacks most often affect availability but can be an attack on integrity as well. In the case of a DoS attack on a mail server, we would classify this as an availability attack.
Affects: Availability, and sometimes Integrity.
21
Modification
Modification attacks involve tampering with our asset. If we access a file in an unauthorized manner and alter the data it contains, we have affected the integrity of the data contained in the file.
22
Fabrication
Fabrication attacks involve generating data, processes, communications, or other similar activities within a system. Fabrication attacks primarily affect integrity but could be considered an availability attack as well. If we generate spurious information in a database, this would be considered a fabrication attack.
Affects: Integrity, and sometimes Availability.
25
Threat
Something that has the potential to cause harm.
26
Vulnerability
A weakness that a threat can use to harm us.
27
Risk
The likelihood that something bad will happen; a risk exists only where a threat and a matching vulnerability are both present.
28
Impact
The cost to us if a risk is realized, based on the value of the asset; it is used to assess whether a risk is actually present, since an asset of no value carries no risk.
29
Something you know
An authentication factor based on knowledge, such as a password or PIN.
30
Something you are
An authentication factor using biometrics, such as a fingerprint scanner.
31
Something you have
An authentication factor that relies on possession of an item (fob, smart card, cell phone, key).
32
Something you do
An authentication factor based on an action, such as gestures on a touch screen.
33
Multifactor Authentication
Uses two or more of the above factors together, for example a password plus a one-time code generated on a phone. Two methods of the same factor, such as two passwords, do not count as multifactor.
34
Mutual Authentication
A security mechanism that requires each party in a communication to verify the identity of the other. In mutual authentication, not only does the client authenticate to the server, but the server authenticates to the client as well. It is often implemented with digital certificates: both the client and the server hold a certificate with which to authenticate the other. Mutual authentication can be combined with multifactor authentication.
39
Biometric: Universality
How commonly the characteristic is found in the population we expect to enroll in the system.
40
Biometric: Uniqueness
A measure of how unique a particular characteristic is among individuals.
41
Biometric: Permanence
How well a particular characteristic resists change over time and with advancing age.
42
Biometric: Collectability
How easy it is to acquire a characteristic with which we can later authenticate a user.
43
Biometric: Performance
The set of metrics that judge how well a given system functions, including speed, accuracy, and error rate.
44
Biometric: Acceptability
A measure of how acceptable the particular characteristic is to the users of the system.
45
Biometric: Circumvention
The ease with which a system can be tricked by a falsified biometric identifier.
46
Risk Management Process
1. Identify assets
2. Identify threats
3. Assess vulnerabilities
4. Assess risks
5. Mitigate risks
51
Logical Controls
Sometimes called technical controls, these protect the systems, networks, and environments that process, transmit, and store our data
52
Physical Controls
Controls to protect the organization's people and physical environment, such as locks, fire management, gates, and guards; physical controls may be called "operational controls" in some contexts.
53
Administrative Controls
Procedures implemented to define the roles, responsibilities, policies, and administrative functions needed to manage the control environment.
54
Incident Response Process
1. Preparation: having in place the policies and procedures that govern incident response and handling, and conducting training and education for incident handlers.
2. Detection and Analysis: detect the occurrence of an issue and decide whether or not it is actually an incident.
3. Containment, Eradication, and Recovery: ensure that the situation does not cause any more damage, remove the cause, and restore normal operation.
4. Post-Incident Activity: determine specifically what happened, why it happened, and what we can do to keep it from happening again.
61
Principle of Least Privilege
Only allow the bare minimum of access to a party (a person, user account, or process) that lets it perform the functionality needed of it.
62
Discretionary Access Control (DAC)
Model of access control in which access is determined by the owner of the resource in question. Example: a user who creates a network share and sets the permissions on that share.
66
Mandatory Access Control (MAC)
Model of access control in which the owner of the resource does not get to decide who gets to access it, but instead access is decided by a group or individual who has the authority to set access on resources
67
Role-Based Access Control (RBAC)
Model of access control in which permissions are attached to roles (such as administrator or auditor) and a subject receives access according to the roles it holds; the roles and their permissions are set by an authority responsible for doing so, rather than by the owner of the resource.
68
Attribute-based Access Control (ABAC)
Model of access control in which decisions are based on attributes of a particular person (the subject), of a resource, or of the environment. Example: a VPN connection that is set to time out after a certain period, where the elapsed time is an environmental attribute.

72
Multilevel Access Control
An access control model that includes many tiers of security and is used extensively by military and government organizations and those that handle data of a very sensitive nature
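To make the RBAC and ABAC cards concrete, the following is an added example (not part of the study guide or of any real product): a toy policy engine in which role permissions are one attribute among several, a resource classification is another, and the VPN idle time from the ABAC card is an environmental attribute. The roles, the 15-minute timeout and the request shapes are all assumptions made for the demo.

```python
# Added example (not from the study guide): RBAC as one rule inside an ABAC
# policy. Roles, permissions, classification levels and the timeout are all
# constructed for the demo.
from dataclasses import dataclass

# RBAC: an authority defines roles and their permissions; owners do not.
ROLE_PERMISSIONS = {
    "admin":   {"read", "write", "delete"},
    "analyst": {"read"},
}

VPN_IDLE_TIMEOUT_S = 900   # assumption: sessions idle for 15 minutes are dead


def rbac_allows(roles: set, action: str) -> bool:
    """Pure RBAC decision: is the action granted to any role the subject holds?"""
    return any(action in ROLE_PERMISSIONS.get(r, set()) for r in roles)


@dataclass
class Request:
    subject: dict       # attributes of the person, e.g. {"roles": {"analyst"}, "mfa": True}
    resource: dict      # attributes of the resource, e.g. {"classification": "secret"}
    environment: dict   # attributes of the environment, e.g. {"session_idle_s": 120}


def abac_evaluate(req: Request, action: str):
    """ABAC decision: every rule must hold. Returns (allowed, failed_rule_names)
    so the reason for a denial is auditable rather than a bare False."""
    subj, res, env = req.subject, req.resource, req.environment
    rules = {
        "role lacks permission":
            rbac_allows(subj.get("roles", set()), action),
        "secret data requires MFA":
            res.get("classification") != "secret" or subj.get("mfa", False),
        "VPN session idle past timeout":
            env.get("session_idle_s", 0) < VPN_IDLE_TIMEOUT_S,
    }
    failed = [name for name, ok in rules.items() if not ok]
    return (not failed), failed


if __name__ == "__main__":
    stale = Request({"roles": {"admin"}, "mfa": True},
                    {"classification": "internal"},
                    {"session_idle_s": 1000})
    print(abac_evaluate(stale, "read"))   # the admin role is not enough once the session has timed out
```

Note that the `rbac_allows` check on its own would admit the stale admin session; only the environmental attribute denies it, which is the point of the VPN timeout example.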
73
Confused Deputy Problem
A type of attack common in systems that use ACLs rather than capabilities. It arises when software with access to a resource has a greater level of permission to that resource than the user who is controlling the software. If we, as the user, can trick the software into misusing its greater level of authority, we can potentially carry out an attack.
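The following is an added example, not from the study guide: a confused deputy in miniature. A privileged "report service" can read every file in a simulated store, and a low-privilege caller who cannot read /etc/secrets gets it anyway by naming the path. The fixed version checks the caller's own authority rather than the deputy's, which is what a capability-based design would enforce structurally. The file store, principals and ACLs are constructed for the demo.

```python
# Added example (not from the study guide): a confused deputy and its fix.
# Everything here (files, principals, ACL entries) is constructed in memory.

FILES = {                                   # constructed in-memory file store
    "/home/alice/notes.txt": "alice's notes",
    "/etc/secrets":          "db_password=hunter2",
}
ACL = {                                     # ACL model: which principals may read each path
    "/home/alice/notes.txt": {"alice", "report_svc"},
    "/etc/secrets":          {"root", "report_svc"},
}


def can_read(principal: str, path: str) -> bool:
    return principal in ACL.get(path, set())


def deputy_read_vulnerable(caller: str, path: str) -> str:
    """The deputy checks only ITS OWN permission. The caller's choice of path
    therefore borrows the deputy's authority: the confused-deputy bug."""
    if not can_read("report_svc", path):
        raise PermissionError(path)
    return FILES[path]


def deputy_read_fixed(caller: str, path: str) -> str:
    """The deputy requires that the caller could have read the path itself.
    This is the ACL-world equivalent of making the caller hand over a
    capability for the resource instead of a name the deputy resolves."""
    if not can_read(caller, path):
        raise PermissionError(f"{caller} may not read {path}")
    return FILES[path]


def attack(reader):
    """Alice, who has no right to /etc/secrets, asks the deputy for it.
    Returns the leaked content, or None when the deputy refuses."""
    try:
        return reader("alice", "/etc/secrets")
    except PermissionError:
        return None


if __name__ == "__main__":
    print("vulnerable deputy leaks:", attack(deputy_read_vulnerable))
    print("fixed deputy leaks:", attack(deputy_read_fixed))
```

The same shape appears in real systems whenever a setuid helper, a web backend with a database account, or a cloud function with an instance role accepts a resource name from a less-privileged caller without asking whether that caller was entitled to it.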

76
Client-side Attacks
Attacks that take advantage of weaknesses in applications that are running on the computer being operated directly by the user. These attacks can take the form of code sent through the Web browser, which is then executed on the local machine, malformed PDF files, images or videos with attack code embedded, or other forms
77
Cross-Site Request Forgery (CSRF or XSRF)
An attack that misuses the authority of the browser on the user's computer. If the attacker knows of, or can guess, a Web site to which the user might already be authenticated, perhaps a very common site such as Amazon.com, they can attempt to carry out a CSRF attack [2]. They do this by embedding a link in a Web page or HTML-based e-mail, generally a link to an image hosted on the site to which they wish to direct the user, without the user's knowledge. When the browser attempts to retrieve the image, it sends the request to that site together with the user's session cookies, so the site executes the additional commands the attacker has embedded in the link's URL as though the user had issued them.
78
Clickjacking (User Interface Redressing)
A client-side attack in which the attacker places an invisible layer over something on a website that the user would normally click on, so that the click executes a command other than the one the user thinks they are performing.
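The two client-side attacks above are defeated on the server, not in the browser. The block below is an added example (not from the study guide, and not any framework's real API): a hand-rolled request handler for a money transfer that refuses the forged image request from the CSRF card (a GET with the victim's cookie but no token and no matching Origin) and sends the anti-framing headers that stop clickjacking. The site origin, session layout and request dictionaries are assumptions for the demo.

```python
# Added example (not from the study guide): server-side CSRF and clickjacking
# defences. Requests are plain dicts constructed to mimic what a framework
# would hand a view function; SITE_ORIGIN is an assumed value.
import hmac
import secrets
from urllib.parse import urlparse

SITE_ORIGIN = "https://shop.example"   # assumption: the origin we serve


def new_session() -> dict:
    """A logged-in session carries a random synchronizer token the attacker cannot read."""
    return {"user": "alice", "csrf_token": secrets.token_urlsafe(32)}


def is_same_origin(request: dict) -> bool:
    """Origin (or Referer as fallback) must be our own site. A cross-site
    <img> or form submission from evil.example fails here."""
    headers = request.get("headers", {})
    origin = headers.get("Origin") or headers.get("Referer")
    if not origin:
        return False
    p = urlparse(origin)
    return f"{p.scheme}://{p.netloc}" == SITE_ORIGIN


def csrf_token_ok(request: dict, session: dict) -> bool:
    """Token in the form must equal the session's token (constant-time compare)."""
    sent = request.get("form", {}).get("csrf_token", "")
    return hmac.compare_digest(sent.encode(), session["csrf_token"].encode())


def handle_transfer(request: dict, session: dict):
    """Returns (status, headers, body). A state change needs POST, a matching
    origin and a valid token; the anti-framing headers go on every reply so a
    page cannot be overlaid inside an attacker's iframe (clickjacking)."""
    headers = {
        "X-Frame-Options": "DENY",
        "Content-Security-Policy": "frame-ancestors 'none'",
    }
    if request["method"] != "POST":
        return 405, headers, "state change via GET refused"
    if not (is_same_origin(request) and csrf_token_ok(request, session)):
        return 403, headers, "CSRF check failed"
    form = request["form"]
    return 200, headers, f"transferred {form['amt']} to {form['to']}"


if __name__ == "__main__":
    s = new_session()
    forged = {"method": "GET", "headers": {}, "form": {"to": "mallory", "amt": "100"}}
    print(handle_transfer(forged, s))
```

The GET refusal matters because the image-link trick in the CSRF card can only issue GETs; requiring POST plus a token means the attacker needs a value they can never observe, and the Origin check is a second, independent signal in case a token ever leaks.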
79
Accountability
Being able to hold a party responsible for its actions. It depends on identification, authentication, authorization, and access control, and is enforced through auditing.
80
Nonrepudiation
A situation in which sufficient evidence exists to prevent an individual from successfully denying that he or she has made a statement or taken an action
81
Intrusion Detection
Monitors for and reports malicious events.
82
Intrusion Prevention
Raises an alarm and takes action (such as blocking the traffic) when malicious events occur.
83
Auditing
The primary means of ensuring accountability through technical means.
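The detection-versus-prevention split in the two cards above is easiest to see in code. The block below is an added example (not from the study guide, and not any IDS product's logic): a brute-force detector run over constructed sshd log lines, where the IDS half reports sources that exceed a failure threshold inside a time window and the IPS half adds the action, here a block list. The log sample, the threshold and the assumed year are all constructed for the demo.

```python
# Added example (not from the study guide): IDS reports, IPS reports and acts.
# The log lines are constructed samples in sshd format, not a real capture.
import re
from collections import defaultdict
from datetime import datetime

LOG = """\
Mar 10 10:00:01 host sshd[1]: Failed password for invalid user admin from 203.0.113.9 port 4000 ssh2
Mar 10 10:00:02 host sshd[1]: Failed password for root from 203.0.113.9 port 4001 ssh2
Mar 10 10:00:03 host sshd[1]: Failed password for root from 203.0.113.9 port 4002 ssh2
Mar 10 10:00:04 host sshd[1]: Failed password for root from 203.0.113.9 port 4003 ssh2
Mar 10 10:00:05 host sshd[1]: Failed password for root from 203.0.113.9 port 4004 ssh2
Mar 10 10:00:09 host sshd[1]: Accepted publickey for alice from 198.51.100.7 port 5000 ssh2
Mar 10 10:01:30 host sshd[1]: Failed password for alice from 198.51.100.7 port 5001 ssh2
Mar 10 10:03:00 host sshd[1]: Failed password for root from 203.0.113.9 port 4005 ssh2
"""

LINE = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from (\S+)"
)


def parse_failures(text: str):
    """Yield (timestamp, user, source_ip) for each failed login line."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            # syslog lines carry no year; 2024 is assumed for the demo
            ts = datetime.strptime("2024 " + m.group(1), "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3)


def detect_bruteforce(text: str, threshold: int = 5, window_s: int = 60) -> dict:
    """IDS: report each source with at least `threshold` failures inside any
    `window_s`-second span. Returns {source_ip: time the threshold was crossed}."""
    by_src = defaultdict(list)
    for ts, _user, src in parse_failures(text):
        by_src[src].append(ts)
    alerts = {}
    for src, times in by_src.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if (times[i + threshold - 1] - times[i]).total_seconds() <= window_s:
                alerts[src] = times[i + threshold - 1]
                break
    return alerts


def prevent_bruteforce(text: str, **kw):
    """IPS: the same detection plus the action. Returns (alerts, block_list);
    a real IPS would push block_list into a firewall rule set."""
    alerts = detect_bruteforce(text, **kw)
    return alerts, sorted(alerts)


if __name__ == "__main__":
    alerts, block = prevent_bruteforce(LOG)
    print("IDS alerts:", alerts)
    print("IPS block list:", block)
```

The window is what keeps alice's single typo and the lone retry three minutes later from tripping the rule; tune `threshold` and `window_s` together, because a prevention action on a false positive locks out a legitimate source.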
84
Penetration Test
Mimics, as closely as possible, the techniques an actual attacker would use, in order to find weaknesses before an attacker does.
85
Nessus
Vulnerability scanning tool
86
Caesar Cipher
A letter-by-letter substitution cipher: each letter is replaced by the letter a fixed number of positions further along the alphabet, wrapping around at the end. With the classic shift of 3, for "a" write "d". Decryption shifts back by the same amount, so the shift is the key.
87
Cryptographic Machines
1. The Jefferson Disk, by Thomas Jefferson
2. The Enigma, by Arthur Scherbius
89
Kerckhoffs' Principle
1. The system must be practically, if not mathematically, indecipherable.
2. The system must not require secrecy, and it must be no problem if it falls into enemy hands.
3. It must be easy to communicate and remember the keys without requiring written notes, and it must be easy to change or modify the keys with different participants.
4. The system ought to be compatible with telegraph communication.
5. The system must be portable, and its use must not require more than one person.
6. Finally, regarding the circumstances in which the system is applied, it must be easy to use and must require neither mental strain nor the knowledge of a long series of rules.
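The Caesar cipher card and Kerckhoffs' second rule belong together, and one block serves both. It is an added example, not from the study guide: a Caesar encrypt/decrypt pair, followed by the attack Kerckhoffs' principle assumes, where the adversary knows the method and only the key is secret. Since the key is a shift between 1 and 25, every key can be tried and the plaintext picked out with a crude scoring function. The wordlist used for scoring is a constructed stand-in for a real dictionary.

```python
# Added example (not from the study guide): Caesar shift cipher plus the
# brute-force attack that Kerckhoffs' principle says a cipher must survive.
import string

# Constructed mini-dictionary used to rank candidate plaintexts; a real attack
# would use letter frequencies or a full wordlist.
WORDS = {"the", "and", "at", "to", "of", "in", "is", "we", "attack", "dawn"}


def caesar(text: str, shift: int) -> str:
    """Shift each letter `shift` places along the alphabet (a -> d for shift 3),
    preserving case and leaving non-letters untouched."""
    out = []
    for ch in text:
        if ch.isalpha():
            base = "A" if ch.isupper() else "a"
            out.append(chr((ord(ch) - ord(base) + shift) % 26 + ord(base)))
        else:
            out.append(ch)
    return "".join(out)


def decrypt(ciphertext: str, shift: int) -> str:
    """Decryption is encryption with the negated shift: one key, used both ways."""
    return caesar(ciphertext, -shift)


def score_english(text: str) -> int:
    """Count tokens that are dictionary words; higher means more plausible plaintext."""
    tokens = (w.strip(string.punctuation) for w in text.lower().split())
    return sum(1 for w in tokens if w in WORDS)


def brute_force(ciphertext: str):
    """Kerckhoffs: the attacker knows it is a Caesar cipher. There are only 25
    non-trivial shifts, so try them all and return (shift, plaintext) pairs,
    most English-looking first."""
    candidates = [(s, decrypt(ciphertext, s)) for s in range(1, 26)]
    return sorted(candidates, key=lambda c: score_english(c[1]), reverse=True)


if __name__ == "__main__":
    ct = caesar("attack at dawn", 3)
    print("ciphertext:", ct)
    shift, pt = brute_force(ct)[0]
    print(f"recovered shift {shift}: {pt}")
```

The key space is the whole story: a cipher whose method must stay secret to be safe fails rule 2, and a cipher with 25 keys fails rule 1 even when the method is public. Modern symmetric ciphers keep the method public and put all of the secrecy in a key far too large to enumerate.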

100
Symmetric Cryptography
Encryption that uses a single key to encrypt and decrypt a message.